Internal Control for Information Security

630 Words2 Pages
Internal Control for Information Security Information Security requires internal controls to protect confidential information from external intruders and internal intruders from unauthorized access to the information. The purpose and scope of this project is to address how businesses can use internal control techniques to protect employee, customer, and business information from unauthorized intruders. Internal controls determine how information can be accessed and used, as well as, by whom. Every business needs a security policy that provides authentication, access control, secrecy, data integrity, and audit. (Schneider, 2009) Authentication will determine who is trying to access the information system. Access control determines who is allowed to log on and access information. Secrecy determines who is permitted to access certain information. Data integrity determines who is allowed to change data. And, audit determines who or what causes specific actions to occur and when. "Protecting digital assets means utilizing the best of available technologies and methodologies to achieve security goals." (Making the case for Network Security, 2012) The monitoring of the information system is important to detect external and internal threats. Administrator notification notifies an administrator in the event of a security breach. A careful examination of all components of the network can determine the information, failure, or performance of the system. A knowledge data base
Open Document